50,000 Sites Infected With Cryptojacking Script

The cryptocurrency mining malware epidemic is getting out of hand: nearly 50,000 sites have been surreptitiously infected with crypto-jacking scripts, according to security researcher Troy Mursch from Bad Packets Report.

Relying on source-code search engine PublicWWW to scan the web for pages running crypto-jacking malware, Mursch was able to identify at least 48,953 affected websites. He adds that at least 7,368 of the compromised sites are powered by WordPress.

The researcher notes that Coinhive continues to be the most widespread crypto-jacking script out there, accounting for close to 40,000 infected websites – a stunning 81 percent of all recorded cases.

It is worth pointing out that Mursch was able to find at least 30,000 websites running Coinhive back in November last year.

For the rest, Bad Packets Report indicates the remaining 19 percent are spread between various Coinhive alternatives, like Crypto-Loot, CoinImp, Minr and deepMiner.

His research suggests there are 2,057 sites infected by Crypto-Loot, 4,119 by CoinImp, 692 sites by Minr, and 2,160 by deepMiner.

Back in February, security researchers discovered that a slew of legitimate websites – including government and public service agency portals – were quietly running crypto-jacking scripts.

The researcher has also published a document on PasteBin file detailing the 7,000 affected sites found since January 20 this year. “Some of these sites have already removed the crypto-jacking malware,” the PasteBin page reads. “However, many remain compromised. Browse at your own risk.”

Subscribe via Email

Receive weekly fintech news!

Email Address

Focus On Fintech helps you keep up to date with the fintech world by providing you with weekly doses of some of the most important news on fintech topics ranging from blockchain and cryptocurrency to mobile payment and AI-powered banking and finance.